PDA

View Full Version : Dynamic address through PPPoE on CheckPoint FW-1



kaabol
2005-12-22, 18:17
In FAQ Firewall-1 and DHCP, Barry Steifel wrote:
"In NG, it is possible to create firewalls that obtain their IP from DHCP. A special kind of firewall object is needed to support dynamic addresses."

I've got a FW-1 NG set up, for educational use, on my private DSL-line. Since I've only got a dynamically assigned public IP on this line, I'm having trouble configuring my incoming rules...

Could anyone please help me out with this issue? What kind of special FW object do I need, and how can I configure this?

DerGolo
2006-05-22, 02:56
Hi.

I have exactly the same setup for educational purposes here at home, too. Also I can't configure rules for incoming NAT, too.
I have created a host-object with the external IP provided via DHCP on the PPPoE line. By the use of this host-object, everything works good. But I have to change the IP-address of the host every day when I get a new address from my internet-provider.

Does anyone have a suggestion how to solve this? Is there any possibility to have an object always providing the actual IP-address of the pppoe-interface?

I have searched the internet by google and this forum without any result.
Thanks a lot!

Yours Golo Königshoff.

PS: I am using NGX R60 on a Secure Platform Pro.

thebuffman
2006-09-28, 09:00
have you ever tried scheduling a batch file that will perform a query to the internet (ping, nslookup, etc) every hour? what i'm hoping it will do is help reserve your leased ip address due to constant usage.

DerGolo
2006-10-02, 03:44
I have not tried this. But the line is constantly used due to scheduled mail transfer (every 5 minutes). I will not be able to keep the line up for more than 24 hours. The provider resets the line and assigns a new ip adress every 24 hours. Do you have any other idea?

Thanks for your help,
Golo

yadgayan
2013-01-03, 03:16
I have not tried this. But the line is constantly used due to scheduled mail transfer (every 5 minutes). I will not be able to keep the line up for more than 24 hours. The provider resets the line and assigns a new ip adress every 24 hours. Do you have any other idea?

Thanks for your help,
Golo

I have tried this before. But we can not get static ip address for PPOE interface. If SP side provide static ip. Then we can get constant ip address for ppoe interface..

DerGolo
2013-01-03, 06:10
Dear yadgayan,

thanks for the answer. Since I was not able to solve the problem with dynamic IPs and since I changed my provider to get a static IP, this case is not relevant any more.

As a result of the tests, I advised my customers only to user PPPoE lines with static IPs.

Bye,
Golo